Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
0 Kudos
Connector Builder Guide – Authentication Type: Oauth 1.0

Open Connectors consists of over 170 connectors to 3rd Party Applications natively embedded in the SAP ecosystem. If the Connector you need does not exist in the catalog, you can build it quickly with Connector Builder. This instruction guide will walk you through using this tool, with concrete examples throughout. The beginning, Part 1, can be found here.


Selecting Oauth 1.0 will expose these fields in the Setup Screen. You will need (using the Twitter API as an example):

  • Oauth Authorization URL:

  • Oauth API Key: You must register a Twitter app that will create an application that will provide a Consumer Key (sometimes called client_id)  and a Consumer Secret (aka client_secret). This is standard practice when setting up an Oauth 1.0 flow. The Consumer Key will be the Oauth API Key here.

  • Oauth API Secret: This is the Consumer Secret from the app above.

  • Oauth Callback URL: Almost always, the app that you register will require a callback URL, or sometimes called a redirect URI. You would enter the callback that redirects back to Open Connectors, or

  • Oauth Token URL:

  • Oauth Scope: Some APIs require one - in this case Twitter does not

  • Oauth Request URL:

  • Oauth Refresh Interval: Some APIs require one - in the case of Twitter, access tokens are not explicitly expired. This field is represented in seconds and is usually 3600 seconds.

After populating all the necessary fields for the specific API that you are working with, the Connector will redirect the user to the login page and will generate the access token (supplying the necessary oauth_verifier behind the scenes) during the process. It will append an Authorization header in the format of

`'authorization: OAuth oauth_consumer_key="CONSUMER_KEY", oauth_nonce="GENERATED", oauth_signature="GENERATED", oauth_signature_method="HMAC-SHA1", oauth_timestamp="GENERATED", oauth_token="ACCESS_TOKEN", oauth_version="1.0"'`

on all resource calls by default. The finished Connector will refresh the access token if the refresh token and interval is supplied.

Labels in this area